PT-2018-1043 · Intel+1 · Softhevc+1

Published 2018-01-01 · Updated 2018-02-02 · CVE-2017-13179

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Android versions 6.0.1 through 8.1

Description: The issue is related to the use of memory after it has been freed in the ihevcd_allocate_static_bufs and ihevcd_create functions of SoftHEVC. This could lead to a possible out-of-bounds write, allowing a remote attacker to execute arbitrary code in the context of a privileged process without needing additional execution privileges. User interaction is not required for exploitation.

Recommendations: For Android versions 6.0.1 through 8.1, consider disabling the ihevcd_allocate_static_bufs and ihevcd_create functions as a temporary workaround until a patch is available. Restrict access to the affected SoftHEVC module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Use After Free

Memory Corruption

Weakness Enumeration

Related Identifiers

BDU:2018-00347
CVE-2017-13179

Affected Products

Android
Softhevc